Car hackers could get a life sentence under proposed anti-hacking law by John Zorabedian.
From the post:
Hacking a car in Michigan could become a felony with a life sentence, if proposed legislation introduced last week becomes law in the home state of the US auto industry.
The proposed legislation, Senate Bill 927, would make it illegal for any person to access an electronic system of a motor vehicle to “willfully destroy, damage, impair, alter, or gain unauthorized control” of the vehicle:
…
John does his readers a big favor by linking directly to the legislation in question! Thanks John!
John summarizes policy issues on car hacking legislation and has quotes from the timids who worry that legitimate security researchers will be prosecuted under such laws.
To be sure, county prosecutors go off on wild tangents, engage in abuse of discretion, etc., but for the most part, they aren’t looking for more cases to prosecute. Especially dodgy ones.
Security researchers, real security researchers, not just hackers who claim to be security researchers, should not be like the timids who wanted legal coverage before they would torture people.
What’s with that? If you really thought that a briefcase nuke was about to go off in the Mall of the Americas, would you really worry about being prosecuted for torture, if you thought that would work?
You wouldn’t nor would any other sensible person. It’s what’s called prosecutorial discretion. Yes, what you did was a crime but you saved X lives, etc., etc. No one is going to be prosecuted in such a case.
If as a security researcher you come up with an easy hack that the state attorney general can get PR from by forcing a recall, what do you think the odds are of a strained reading that would subject you to prosecution?
Does that mean there is no risk of prosecution? Of course not. Prosecution is always possible, whether you are guilty of any offense or not.
We do need better legislation in general and on cybersecurity in particular. Having the timids wring their hands in anguish over imagined literalism on the part of prosecutors isn’t going to get us there.
PS: To illustrate how dis-connected the anti-hacking legislation is from any commonly shared reality, consider this summary of laws on car hijacking. The only ones carrying a life penalty were for murder during a hijacking, repeat offenders, etc.